1Round Table Discussion 3 Principles of IT Governance IT Governance from the Worlds PerspectiveBy Dr. Wachara Chantatub Faculty of Commerce and Accountancy Chulalongkorn University Email wachara_at_acc.chula.ac.th 2IT Governance from the Worlds Perspective

Executive Summary

Critical Issues of IT Management

4 Ps

IT Management and Governance Frameworks

IT Government

The IT Governance Institute

IT Governance Global Status Report 2006 (the Work)

Conclusion

3Executive Summary

Over the years, IT has become the backbone of businesses to the point where it would be impossible for many to function (let alone succeed) without it. As a result of its increasing role in the enterprise, the IT function is changing, morphing from a technology provider into a strategic partner.

IT Governance is a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprises goals by adding value while balancing risk versus return over IT and its processes.

This topic will present researches, findings, lessons learnt, and opinions on IT Governance from the worlds experts.

4Critical Issues of IT Management

Considering all the issues of IT management, we have identified the following as critical issues

Environment

Today IT manager must manage a decentralized, end-user-focused environment.

Role

The current IT manager, instead of serving as the technical custodian of computer hardware entities, now functions more like an agent between IT resources and end-users.

Expanding Focus

The IT manager must understand the global issues of the business and its customers, as well as have a comprehensive knowledge of global IT management. IT has expanded on an international level and, as such, the present focus is now on matters that are more global in nature. The influx of technology into nearly every country has opened a cross-cultural window into other nations that, to this point, was unavailable.

5

Integration

In a given organization, the IT department is no longer strictly a separate function, rather, it is an integrated function of all departments.

Increased Risks

IT managers must be knowledgeable enough to effectively deal with greatly increased security risks brought about by the integration of technology.

Inadequate Preparation

Business schools continue to graduate students lacking basic knowledge in IT management.

IT management is all about the efficient and effective use of the four Ps

People

Processes

Products (tools and technology)

Partners (suppliers, vendors, and outsourcing organizations).

7IT Management and Governance Frameworks

COBIT (Control Objectives for Information and Related Technology)

ITIL (IT Infrastructure Library)

CMMI (Capability Maturity Model Integration)

BS 15000

MOF (Microsoft Operations Framework)

and more

8

COBIT (Control Objective for Information and Related Technology)

Issued by the IT Governance Institute (ITGI), COBIT is an industry accepted standard for IT security and control practices that provides a reference framework for management, users and security practitioners.

ITIL (IT Infrastructure Library)

ITIL is one of the most widely accepted management frameworks in the IT world and describes an integrated set of process-oriented best practices for managing IT services.

9

CMMI

Capability Maturity Model Integration (CMMI) is a process improvement approach that provides organizations with the essential elements of effective processes. It can be used to guide process improvement across a project, a division, or an entire organization. CMMI helps integrate traditionally separate organizational functions, set process improvement goals and priorities, provide guidance for quality processes, and provide a point of reference for appraising current processes.

10

BS15000

This is the first formal standard for IT Service Management, developed by the British Standards Institute (BSI Code of Practice for IT Service Management). It is viewed across the industry as a crucial step in turning best practices into reality.

MOF (Microsoft Operations Framework)

MOF is a collection of best practices, principles, and models. It provides comprehensive technical guidance for achieving mission-critical production system reliability, availability, supportability, and manageability for solutions and services built on Microsoft products and technologies. This guidance is presented in the form of white papers, service management guides, assessment tools, operations kits, best practices, case studies, and support tools that address the people, process, and technologies for effectively managing production systems within todays complex distributed IT environment.

addressing the safeguarding of IT assets, disaster recovery and continuity of operations

Resource management

optimising knowledge and IT infrastructure

Performance measurement

tracking project delivery and monitoring IT services

Source www.itgi.org 15The IT Governance Institute

The IT Governance Institute (ITGI) (www.itgi.org) was established in 1998 in recognition of the increasing criticality of information technology to enterprise success. In many organizations, success depends on the ability of IT to enable achievement of business goals. In such an environment, governance over IT is as critical a board and management discipline as corporate governance or enterprise governance. Effective IT governance helps ensure that IT supports business goals, maximizes business investment in IT, and appropriately manages IT-related risks and opportunities.

ITGI is a research think tank that exists to be the leading reference on IT-enabled business systems governance for the global business community. ITGI aims to benefit enterprises by assisting enterprise leaders in their responsibility to make IT successful in supporting the enterprise's mission and goals. By conducting original research on IT governance and related topics, ITGI helps enterprise leaders understand and have the tools to ensure effective governance over IT within their enterprise.

16IT Governance Global Status Report 2006 (the Work)

In 2005, PwC was commissioned by ITGI to conduct the second global survey on IT governance. The survey was conducted from July 2005 until October 2005 and this report highlights the most significant find

The purpose of the survey was to reach members of the C-suite to determine their sense of priority and actions already taken relative to IT governance and their need for tools and services to help assure effective IT governance.

17Key Findings of the 2006 Survey

1. IT is more critical to business than ever.

2. General managers feel more positive toward IT than IT managers do.

3. Significant differences amongst industry sectors exist.

4. IT staffing is the most important IT-related problem.

5. IT security is not the most important IT-related problem.

6. IT outsourcing is out.

7. Awareness of ISACA and ITGI has increased.

8. Awareness of COBIT has increased.

9. Sarbanes-Oxley has not created the anticipated effect.

10. IT governance (and COBIT) is not as easily implemented as originally estimated.

11. COBIT is being used by about 10 percent of the IT population.

18

1. IT is more critical to business than ever.

For 87 percent of the participants, IT is quite to very important to the delivery of the corporate strategy and vision.

For 63 percent of the respondents, IT is regularly or always on the boards agenda.

Question Thinking about your overall corporate strategy or vision, how important do you consider IT to be to the delivery of this strategy or vision? 19Question How frequently is IT included on your organisations board agenda? 202. General managers feel more positive toward IT than IT managers do. Compared to IT managers, general managers attach even more criticality and importance to IT. In addition, they are generally more satisfied with IT and with its strategic alignment with the business.Question Thinking about your overall corporate strategy or vision, how important do you consider IT to be to the delivery of this strategy or vision? 213. Significant differences amongst industry sectors exist. IT/telecom and financial services appear to be better performers when it comes to IT governance, while the retail and manufacturing industries are lesser performers. These outcomes are in line with the degree of strategic importance of IT in these industry sectors.Question Thinking about your overall corporate strategy or vision, how important do you consider IT to be to the delivery of this strategy or vision? 224. IT staffing is the most important IT-related problem. When taking into account all aspects of a problem, such as frequency of occurrence, severity of the problem and future evolution, IT staffing appears to be the most important problem in IT.Question Compound problem index? 235. IT security is not the most important IT-related problem. When taking all dimensions of the problem into account, security (and compliance) is ranked last of eight IT problem categories.Question Compound problem index? 246. IT outsourcing is out. IT outsourcing is no longer seen as the most effective measure to resolve IT problems. As business and IT have become increasingly aware of the fact that IT problems cannot be outsourced, they have tended to bring control of problematic systems back in-house.Question How effective could the following high level measures be for resolving your IT-related problems? 257. Awareness of ISACA and ITGI has increased. Awareness amongst the general IT population of the ISACA and ITGI brands has almost tripled compared to the 2003 survey.Question What organisations are you aware of that provide or implement solutions to IT governance problems? 268. Awareness of COBIT has increased. Awareness in the general population of the existence of COBIT has increased by 50 percent since 2003, from 18 percent to 27 percent. In addition, one out of six respondents who know COBIT claims to know the contents to a great extent.Question Are you personally aware of the existence of COBIT ? 27Question If you are personally aware of the existence of COBIT, are you personally aware of the contents of COBIT?Question If you are personally aware of the existence and the contents of COBIT, to what extent are you aware of its contents? 289. Sarbanes-Oxley has not created the anticipated effect. A lower than expected numberonly 38 percentof the COBIT users indicated that Sarbanes-Oxley legislation or other new accounting-related legislation or regulation was the reason to introduce COBIT in their organisation. (The survey did not distinguish between old and new COBIT users, which could explain the result.)Question Was the Sarbanes-Oxley legislation, or any other new accounting-related legislation or regulation, a reason to introduce COBIT in your organisation? 2910. IT governance (and COBIT) is not as easily implemented as originally estimated. A number of results lead to the conclusion that implementing IT governance is not as straightforward as perhaps once thought. The same conclusion can be made regarding COBIT implementation. Putting things in perspective, however, these results confirm that Good IT governance practices are not built overnight they require time and continued commitment. Implementing COBIT is not a matter of taking it out of the box and implementing it as written. Instead, it is a process of selecting the most appropriate elements, tailoring them as needed and applying them to the specific needs of the organisation. 30Question How easy or difficult has it been for you to implement the COBIT framework or part of the COBIT framework? 3111. COBIT is being used by about 10 percent of the IT population. The current acceptance rate of COBITi.e., the percentage of the general IT population using one or more parts of COBITis now 10 percent (at least). Given the relatively large number of respondents indicating that they use an internally developed IT governance solution, it is probable that there are a number of hidden COBIT users who have implemented portions of it in their own enterprise-specific solution. 32Question What solutions/frameworks do you use or are you considering using? 33Conclusion

IT has become the backbone of enterprises.

Enterprise needs IT management and governance framework(s) to direct and control the enterprise in order to achieve the enterprises goals by adding value while balancing risk versus return over IT and its processes.

IT Governance Global Status Report 2006 (the Work) highlights the most significant findings of awareness, perceptions and applications of IT governance and IT governance frameworks.

PowerShow.com is a leading presentation/slideshow sharing website. Whether your application is business, how-to, education, medicine, school, church, sales, marketing, online training or just for fun, PowerShow.com is a great resource. And, best of all, most of its cool features are free and easy to use.

You can use PowerShow.com to find and download example online PowerPoint ppt presentations on just about any topic you can imagine so you can learn how to improve your own slides and
presentations for free. Or use it to find and download high-quality how-to PowerPoint ppt presentations with illustrated or animated slides that will teach you how to do something new, also for free. Or use it to upload your own PowerPoint slides so you can share them with your teachers, class, students, bosses, employees, customers, potential investors or the world. Or use it to create really cool photo slideshows - with 2D and 3D transitions, animation, and your choice of music - that you can share with your Facebook friends or Google+ circles. That's all free as well!

For a small fee you can get the industry's best online privacy or publicly promote your presentations and slide shows with top rankings. But aside from that it's free. We'll even convert your presentations and slide shows into the universal Flash format with all their original multimedia glory, including animation, 2D and 3D transition effects, embedded music or other audio, or even video embedded in slides. All for free. Most of the presentations and slideshows on PowerShow.com are free to view, many are even free to download. (You can choose whether to allow people to download your original PowerPoint presentations and photo slideshows for a fee or free or not at all.) Check out PowerShow.com today - for FREE. There is truly something for everyone!

presentations for free. Or use it to find and download high-quality how-to PowerPoint ppt presentations with illustrated or animated slides that will teach you how to do something new, also for free. Or use it to upload your own PowerPoint slides so you can share them with your teachers, class, students, bosses, employees, customers, potential investors or the world. Or use it to create really cool photo slideshows - with 2D and 3D transitions, animation, and your choice of music - that you can share with your Facebook friends or Google+ circles. That's all free as well!

For a small fee you can get the industry's best online privacy or publicly promote your presentations and slide shows with top rankings. But aside from that it's free. We'll even convert your presentations and slide shows into the universal Flash format with all their original multimedia glory, including animation, 2D and 3D transition effects, embedded music or other audio, or even video embedded in slides. All for free. Most of the presentations and slideshows on PowerShow.com are free to view, many are even free to download. (You can choose whether to allow people to download your original PowerPoint presentations and photo slideshows for a fee or free or not at all.) Check out PowerShow.com today - for FREE. There is truly something for everyone!